Google starts upgrading its SSL certificates to 2048-bit keys, hopes to finish by end of 2013

Google today announced it has already started upgrading all of its SSLcertificates to 2048-bit keys. The goal is to beef up the encryption on the connections made to its services.

Google says the upgrade, which includes the root certificate that the company uses to sign all of its SSL certificates, will be completed “in the next few months.” Previously, however, Google was more specific and said it was aiming to finish the process by the end of 2013.

Of course, Google also planned to start the process on August 1, but today (July 30) the company revealed it had “already started.” The decision to start early is likely a decision related to how much work there is ahead.

Google previously said some configurations will require extra steps to avoid complications. The company specifically mentioned client software embedded in devices such as some phones, printers, set-top boxes, gaming consoles, and cameras.

Client software that makes SSL connections to Google (usually in the form of HTTPS) thus must adhere to the following requirements:

Perform normal validation of the certificate chain.

Include a properly extensive set of root certificates contained.

Support Subject Alternative Names (SANs).

For the second point, Google offers an example set in its FAQ which should be sufficient. The company also notes clients should, but are not required to, support the Server Name Indication (SNI) extension as they may need to make an extra API call to set the hostname on an SSL connection.